The Mozilla Foundation reports:

CVE-2018-5146: Out of bounds memory write in libvorbis

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest.

CVE-2018-5147: Out of bounds memory write in libtremor

The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms.

< 1.3.6,3

< 1.2.1.s20180316

< 59.0.1,1

< 56.0.4.36_3

< 2.49.3

< 52.7.2,1

< 52.7.2,2

< 52.7.3

< 52.7.0

The Mozilla Foundation reports:

A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows.

< 50.0.2,1

< 45.5.1,1

< 45.5.1,2

< 2.46

< 2.46

< 45.5.1

< 45.5.1

< 45.5.1

Mozilla Foundation reports:

MFSA 2016-49 Miscellaneous memory safety hazards (rv:47.0 / rv:45.2)

MFSA 2016-50 Buffer overflow parsing HTML5 fragments

MFSA 2016-51 Use-after-free deleting tables from a contenteditable document

MFSA 2016-52 Addressbar spoofing though the SELECT element

MFSA 2016-54 Partial same-origin-policy through setting location.host through data URI

MFSA 2016-56 Use-after-free when textures are used in WebGL operations after recycle pool destruction

MFSA 2016-57 Incorrect icon displayed on permissions notifications

MFSA 2016-58 Entering fullscreen and persistent pointerlock without user permission

MFSA 2016-59 Information disclosure of disabled plugins through CSS pseudo-classes

MFSA 2016-60 Java applets bypass CSP protections

< 47.0,1

< 2.44

< 45.2.0,1

< 45.2.0,2

< 45.2.0

A Mozilla Foundation Security Advisory reports of multiple issues. Several of which can be used to run arbitrary code with the privilege of the user running the program.

• MFSA 2006-56 chrome: scheme loading remote content
• MFSA 2006-55 Crashes with evidence of memory corruption (rv:1.8.0.5)
• MFSA 2006-54 XSS with XPCNativeWrapper(window).Function(...)
• MFSA 2006-53 UniversalBrowserRead privilege escalation
• MFSA 2006-52 PAC privilege escalation using Function.prototype.call
• MFSA 2006-51 Privilege escalation using named-functions and redefined "new Object()"
• MFSA 2006-50 JavaScript engine vulnerabilities
• MFSA 2006-49 Heap buffer overwrite on malformed VCard
• MFSA 2006-48 JavaScript new Function race condition
• MFSA 2006-47 Native DOM methods can be hijacked across domains
• MFSA 2006-46 Memory corruption with simultaneous events
• MFSA 2006-45 Javascript navigator Object Vulnerability
• MFSA 2006-44 Code execution through deleted frame reference

< 1.5.0.5,1

gt 2.*,1 lt 2.0_1,1

< 1.5.0.5

< 3.0.a2006.07.26

< 1.0.3

< 1.5.0.5

gt 0

Mozilla Foundation reports:

MFSA 2016-39 Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8)

MFSA 2016-42 Use-after-free and buffer overflow in Service Workers

MFSA 2016-44 Buffer overflow in libstagefright with CENC offsets

MFSA 2016-45 CSP not applied to pages sent with multipart/x-mixed-replace

MFSA 2016-46 Elevation of privilege with chrome.tabs.update API in web extensions

MFSA 2016-47 Write to invalid HashMap entry through JavaScript.watch()

MFSA 2016-48 Firefox Health Reports could accept events from untrusted domains

< 46.0,1

< 2.43

ge 39.0,1 lt 45.1.0,1

< 38.8.0,1

ge 39.0 lt 45.1.0

< 38.8.0

Mozilla Foundation reports:

CVE-2019-9811: Sandbox escape via installation of malicious language pack

CVE-2019-11711: Script injection within domain through inner window reuse

CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects

CVE-2019-11713: Use-after-free with HTTP/2 cached stream

CVE-2019-11714: NeckoChild can trigger crash when accessed off of main thread

CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault

CVE-2019-11715: HTML parsing error can contribute to content XSS

CVE-2019-11716: globalThis not enumerable until accessed

CVE-2019-11717: Caret character improperly escaped in origins

CVE-2019-11718: Activity Stream writes unsanitized content to innerHTML

CVE-2019-11719: Out-of-bounds read when importing curve25519 private key

CVE-2019-11720: Character encoding XSS vulnerability

CVE-2019-11721: Domain spoofing through unicode latin 'kra' character

CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin

CVE-2019-11723: Cookie leakage during add-on fetching across private browsing boundaries

CVE-2019-11724: Retired site input.mozilla.org has remote troubleshooting permissions

CVE-2019-11725: Websocket resources bypass safebrowsing protections

CVE-2019-11727: PKCS#1 v1.5 signatures can be used for TLS 1.3

CVE-2019-11728: Port scanning through Alt-Svc header

CVE-2019-11710: Memory safety bugs fixed in Firefox 68

CVE-2019-11709: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8

< 68.0_4,1

< 56.2.12

< 2.53.0

< 60.8.0,1

< 60.8.0,2

< 60.8.0

The Mozilla Project reports:

MFSA 2014-01 Miscellaneous memory safety hazards (rv:27.0 / rv:24.3)

MFSA 2014-02 Clone protected content with XBL scopes

MFSA 2014-03 UI selection timeout missing on download prompts

MFSA 2014-04 Incorrect use of discarded images by RasterImage

MFSA 2014-05 Information disclosure with *FromPoint on iframes

MFSA 2014-06 Profile path leaks to Android system log

MFSA 2014-07 XSLT stylesheets treated as styles in Content Security Policy

MFSA 2014-08 Use-after-free with imgRequestProxy and image proccessing

MFSA 2014-09 Cross-origin information leak through web workers

MFSA 2014-10 Firefox default start page UI content invokable by script

MFSA 2014-11 Crash when using web workers with asm.js

MFSA 2014-12 NSS ticket handling issues

MFSA 2014-13 Inconsistent JavaScript handling of access to Window objects

gt 25.0,1 lt 27.0,1

< 24.3.0,1

< 27.0,1

< 2.24

< 24.3.0

< 2.24

< 24.3.0

The Mozilla Project reports:

MFSA 2011-01 Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17)

MFSA 2011-02 Recursive eval call causes confirm dialogs to evaluate to true

MFSA 2011-03 Use-after-free error in JSON.stringify

MFSA 2011-04 Buffer overflow in JavaScript upvarMap

MFSA 2011-05 Buffer overflow in JavaScript atom map

MFSA 2011-06 Use-after-free error using Web Workers

MFSA 2011-07 Memory corruption during text run construction (Windows)

MFSA 2011-08 ParanoidFragmentSink allows javascript: URLs in chrome documents

MFSA 2011-09 Crash caused by corrupted JPEG image

MFSA 2011-10 CSRF risk with plugins and 307 redirects

gt 3.6.*,1 lt 3.6.14,1

gt 3.5.*,1 lt 3.5.17,1

gt 1.9.2.* lt 1.9.2.14

< 3.6.14,1

< 3.5.17

gt 2.0.* lt 2.0.12

ge 3.1 lt 3.1.8

gt 2.0.* lt 2.0.12

< 3.1.8

The Mozilla Project reports:

MFSA 2012-74 Miscellaneous memory safety hazards (rv:16.0/ rv:10.0.8)

MFSA 2012-75 select element persistance allows for attacks

MFSA 2012-76 Continued access to initial origin after setting document.domain

MFSA 2012-77 Some DOMWindowUtils methods bypass security checks

MFSA 2012-78 Reader Mode pages have chrome privileges

MFSA 2012-79 DOS and crash with full screen and history navigation

MFSA 2012-80 Crash with invalid cast when using instanceof operator

MFSA 2012-81 GetProperty function can bypass security checks

MFSA 2012-82 top object and location property accessible by plugins

MFSA 2012-83 Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties

MFSA 2012-84 Spoofing and script injection through location.hash

MFSA 2012-85 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer

MFSA 2012-86 Heap memory corruption issues found using Address Sanitizer

MFSA 2012-87 Use-after-free in the IME State Manager

MFSA 2012-88 Miscellaneous memory safety hazards (rv:16.0.1)

MFSA 2012-89 defaultValue security checks not applied

gt 11.0,1 lt 16.0.1,1

< 10.0.9,1

< 10.0.9,1

< 2.13.1

< 10.0.9

< 2.13.1

gt 11.0 lt 16.0.1

< 10.0.9

gt 1.9.2.* lt 10.0.9

Mozilla Foundation reports:

CVE-2019-9790: Use-after-free when removing in-use DOM elements

CVE-2019-9791: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey

CVE-2019-9792: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script

CVE-2019-9793: Improper bounds checks when Spectre mitigations are disabled

CVE-2019-9794: Command line arguments not discarded during execution

CVE-2019-9795: Type-confusion in IonMonkey JIT compiler

CVE-2019-9796: Use-after-free with SMIL animation controller

CVE-2019-9797: Cross-origin theft of images with createImageBitmap

CVE-2019-9798: Library is loaded from world writable APITRACE_LIB location

CVE-2019-9799: Information disclosure via IPC channel messages

CVE-2019-9801: Windows programs that are not 'URL Handlers' are exposed to web content

CVE-2019-9802: Chrome process information leak

CVE-2019-9803: Upgrade-Insecure-Requests incorrectly enforced for same-origin navigation

CVE-2019-9804: Code execution through 'Copy as cURL' in Firefox Developer Tools on macOS

CVE-2019-9805: Potential use of uninitialized memory in Prio

CVE-2019-9806: Denial of service through successive FTP authorization prompts

CVE-2019-9807: Text sent through FTP connection can be incorporated into alert messages

CVE-2019-9809: Denial of service through FTP modal alert error messages

CVE-2019-9808: WebRTC permissions can display incorrect origin with data: and blob: URLs

CVE-2019-9789: Memory safety bugs fixed in Firefox 66

CVE-2019-9788: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6

< 66.0_3,1

< 56.2.9

< 2.53.0

< 60.6.0,1

< 60.6.0,2

< 60.6.0

The Mozilla Foundation reports:

MFSA 2008-58 Parsing error in E4X default namespace

MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals

MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation

MFSA 2008-55 Crash and remote code execution in nsFrameManager

MFSA 2008-54 Buffer overflow in http-index-format parser

MFSA 2008-53 XSS and JavaScript privilege escalation via session restore

MFSA 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)

MFSA 2008-51 file: URIs inherit chrome privileges when opened from chrome

MFSA 2008-50 Crash and remote code execution via __proto__ tampering

MFSA 2008-49 Arbitrary code execution via Flash Player dynamic module unloading

MFSA 2008-48 Image stealing via canvas and HTTP redirect

MFSA 2008-47 Information stealing via local shortcut files

MFSA 2008-46 Heap overflow when canceling newsgroup message

MFSA 2008-44 resource: traversal vulnerabilities

MFSA 2008-43 BOM characters stripped from JavaScript before execution

MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)

MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution

MFSA 2008-38 nsXMLDocument::OnChannelRedirect() same-origin violation

MFSA 2008-37 UTF-8 URL stack buffer overflow

< 2.0.0.18,1

gt 3.*,1 lt 3.0.4,1

< 2.0.0.18

< 1.1.13

< 2.0.0.18

The Mozilla Project reports:

MFSA 2011-46 loadSubScript unwraps XPCNativeWrapper scope parameter (1.9.2 branch)

MFSA 2011-47 Potential XSS against sites using Shift-JIS

MFSA 2011-48 Miscellaneous memory safety hazards (rv:8.0)

MFSA 2011-49 Memory corruption while profiling using Firebug

MFSA 2011-50 Cross-origin data theft using canvas and Windows D2D

MFSA 2011-51 Cross-origin image theft on Mac with integrated Intel GPU

MFSA 2011-52 Code execution via NoWaiverWrapper

gt 4.0,1 lt 8.0,1

gt 3.6.*,1 lt 3.6.24,1

gt 1.9.2.* lt 1.9.2.24

< 8.0,1

< 8.0

gt 4.0 lt 8.0

< 3.1.16

Mozilla Foundation reports:

CVE-2018-18356: Use-after-free in Skia

CVE-2019-5785: Integer overflow in Skia

CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext

< 65.0.1,1

< 60.5.1,1

< 60.5.1

Mozilla Foundation reports:

CVE-2018-5183: Backport critical security fixes in Skia

CVE-2018-5154: Use-after-free with SVG animations and clip paths

CVE-2018-5155: Use-after-free with SVG animations and text paths

CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files

CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer

CVE-2018-5159: Integer overflow and out-of-bounds write in Skia

CVE-2018-5160: Uninitialized memory use by WebRTC encoder

CVE-2018-5152: WebExtensions information leak through webRequest API

CVE-2018-5153: Out-of-bounds read in mixed content websocket messages

CVE-2018-5163: Replacing cached data in JavaScript Start-up Bytecode Cache

CVE-2018-5164: CSP not applied to all multipart content sent with multipart/x-mixed-replace

CVE-2018-5166: WebExtension host permission bypass through filterReponseData

CVE-2018-5167: Improper linkification of chrome: and javascript: content in web console and JavaScript debugger

CVE-2018-5168: Lightweight themes can be installed without user interaction

CVE-2018-5169: Dragging and dropping link text onto home button can set home page to include chrome pages

CVE-2018-5172: Pasted script from clipboard can run in the Live Bookmarks page or PDF viewer

CVE-2018-5173: File name spoofing of Downloads panel with Unicode characters

CVE-2018-5174: Windows Defender SmartScreen UI runs with less secure behavior for downloaded files in Windows 10 April 2018 Update

CVE-2018-5175: Universal CSP bypass on sites using strict-dynamic in their policies

CVE-2018-5176: JSON Viewer script injection

CVE-2018-5177: Buffer overflow in XSLT during number formatting

CVE-2018-5165: Checkbox for enabling Flash protected mode is inverted in 32-bit Firefox

CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension

CVE-2018-5180: heap-use-after-free in mozilla::WebGLContext::DrawElementsInstanced

CVE-2018-5181: Local file can be displayed in noopener tab through drag and drop of hyperlink

CVE-2018-5182: Local file can be displayed from hyperlink dragged and dropped on addressbar

CVE-2018-5151: Memory safety bugs fixed in Firefox 60

CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8

< 60.0,1

< 56.1.0_18

< 2.49.4

< 52.8.0,1

< 52.8.0,2

< 52.8.0

Mozilla Foundation reports:

CVE-2018-12391: HTTP Live Stream audio data is accessible cross-origin

CVE-2018-12392: Crash with nested event loops

CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript

CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting

CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts

CVE-2018-12397:

CVE-2018-12398: CSP bypass through stylesheet injection in resource URIs

CVE-2018-12399: Spoofing of protocol registration notification bar

CVE-2018-12400: Favicons are cached in private browsing mode on Firefox for Android

CVE-2018-12401: DOS attack through special resource URI parsing

CVE-2018-12402: SameSite cookies leak when pages are explicitly saved

CVE-2018-12403: Mixed content warning is not displayed when HTTPS page loads a favicon over HTTP

CVE-2018-12388: Memory safety bugs fixed in Firefox 63

CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3

< 63.0_1,1

< 56.2.5

< 2.53.0

< 60.3.0,1

< 60.3.0,2

< 60.3.0

The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program.

• MFSA 2007-25 XPCNativeWrapper pollution
• MFSA 2007-24 Unauthorized access to wyciwyg:// documents
• MFSA 2007-21 Privilege escalation using an event handler attached to an element not in the document
• MFSA 2007-20 Frame spoofing while window is loading
• MFSA 2007-19 XSS using addEventListener and setTimeout
• MFSA 2007-18 Crashes with evidence of memory corruption

< 2.0.0.5,1

gt 3.*,1 lt 3.0.a2_3,1

< 2.0.0.5

< 1.1.3

< 3.0.a2007.12.12

< 2.0.a2007.12.12

gt 0

Mozilla Foundation reports:

MFSA 2016-01 Miscellaneous memory safety hazards (rv:44.0 / rv:38.6)

MFSA 2016-02 Out of Memory crash when parsing GIF format images

MFSA 2016-03 Buffer overflow in WebGL after out of memory allocation

MFSA 2016-04 Firefox allows for control characters to be set in cookie names

MFSA 2016-06 Missing delay following user click events in protocol handler dialog

MFSA 2016-09 Addressbar spoofing attacks

MFSA 2016-10 Unsafe memory manipulation found through code inspection

MFSA 2016-11 Application Reputation service disabled in Firefox 43

< 44.0,1

< 2.41

< 38.6.0,1

< 38.6.0

The Mozilla Project reports:

MFSA 2012-90 Fixes for Location object issues

gt 11.0,1 lt 16.0.2,1

< 10.0.10,1

< 10.0.10,1

< 2.13.2

< 10.0.10

< 2.13.2

gt 11.0 lt 16.0.2

< 10.0.10

gt 1.9.2.* lt 10.0.10

The Mozilla Project reports:

MFSA 2014-66 IFRAME sandbox same-origin access through redirect

MFSA 2014-65 Certificate parsing broken by non-standard character encoding

MFSA 2014-64 Crash in Skia library when scaling high quality images

MFSA 2014-63 Use-after-free while when manipulating certificates in the trusted cache

MFSA 2014-62 Exploitable WebGL crash with Cesium JavaScript library

MFSA 2014-61 Use-after-free with FireOnStateChange event

MFSA 2014-60 Toolbar dialog customization event spoofing

MFSA 2014-59 Use-after-free in DirectWrite font handling

MFSA 2014-58 Use-after-free in Web Audio due to incorrect control message ordering

MFSA 2014-57 Buffer overflow during Web Audio buffering for playback

MFSA 2014-56 Miscellaneous memory safety hazards (rv:31.0 / rv:24.7)

< 31.0,1

< 24.7.0,1

< 31.0,1

< 24.7.0

< 24.7.0

< 3.16.1_2

A Mozilla Foundation Security Advisory reports of multiple issues. Several of which can be used to run arbitrary code with the privilege of the user running the program.

• MFSA 2006-29 Spoofing with translucent windows
• MFSA 2006-28 Security check of js_ValueToFunctionObject() can be circumvented
• MFSA 2006-26 Mail Multiple Information Disclosure
• MFSA 2006-25 Privilege escalation through Print Preview
• MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest
• MFSA 2006-23 File stealing by changing input type
• MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability
• MFSA 2006-20 Crashes with evidence of memory corruption (rv:1.8.0.2)
• MFSA 2006-19 Cross-site scripting using .valueOf.call()
• MFSA 2006-18 Mozilla Firefox Tag Order Vulnerability
• MFSA 2006-17 cross-site scripting through window.controllers
• MFSA 2006-16 Accessing XBL compilation scope via valueOf.call()
• MFSA 2006-15 Privilege escalation using a JavaScript function's cloned parent
• MFSA 2006-14 Privilege escalation via XBL.method.eval
• MFSA 2006-13 Downloading executables with "Save Image As..."
• MFSA 2006-12 Secure-site spoof (requires security warning dialog)
• MFSA 2006-11 Crashes with evidence of memory corruption (rv:1.8)
• MFSA 2006-10 JavaScript garbage-collection hazard audit
• MFSA 2006-09 Cross-site JavaScript injection using event handlers

< 1.0.8,1

gt 1.5.*,1 lt 1.5.0.2,1

< 1.5.0.2

< 1.7.13,2

ge 1.8.*,2

< 1.7.13

gt 0

< 1.0.1

< 1.5.0.2

Mozilla Foundation reports:

CVE-2018-5091: Use-after-free with DTMF timers

CVE-2018-5092: Use-after-free in Web Workers

CVE-2018-5093: Buffer overflow in WebAssembly during Memory/Table resizing

CVE-2018-5094: Buffer overflow in WebAssembly with garbage collection on uninitialized memory

CVE-2018-5095: Integer overflow in Skia library during edge builder allocation

CVE-2018-5097: Use-after-free when source document is manipulated during XSLT

CVE-2018-5098: Use-after-free while manipulating form input elements

CVE-2018-5099: Use-after-free with widget listener

CVE-2018-5100: Use-after-free when IsPotentiallyScrollable arguments are freed from memory

CVE-2018-5101: Use-after-free with floating first-letter style elements

CVE-2018-5102: Use-after-free in HTML media elements

CVE-2018-5103: Use-after-free during mouse event handling

CVE-2018-5104: Use-after-free during font face manipulation

CVE-2018-5105: WebExtensions can save and execute files on local file system without user prompts

CVE-2018-5106: Developer Tools can expose style editor information cross-origin through service worker

CVE-2018-5107: Printing process will follow symlinks for local file access

CVE-2018-5108: Manually entered blob URL can be accessed by subsequent private browsing tabs

CVE-2018-5109: Audio capture prompts and starts with incorrect origin attribution

CVE-2018-5110: Cursor can be made invisible on OS X

CVE-2018-5111: URL spoofing in addressbar through drag and drop

CVE-2018-5112: Extension development tools panel can open a non-relative URL in the panel

CVE-2018-5113: WebExtensions can load non-HTTPS pages with browser.identity.launchWebAuthFlow

CVE-2018-5114: The old value of a cookie changed to HttpOnly remains accessible to scripts

CVE-2018-5115: Background network requests can open HTTP authentication in unrelated foreground tabs

CVE-2018-5116: WebExtension ActiveTab permission allows cross-origin frame content access

CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right

CVE-2018-5118: Activity Stream images can attempt to load local content through file:

CVE-2018-5119: Reader view will load cross-origin content in violation of CORS headers

CVE-2018-5121: OS X Tibetan characters render incompletely in the addressbar

CVE-2018-5122: Potential integer overflow in DoCrypt

CVE-2018-5090: Memory safety bugs fixed in Firefox 58

CVE-2018-5089: Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6

< 58.0_1,1

< 56.0.3.63

< 2.49.2

< 52.6.0_1,1

< 52.6.0,2

< 52.6.0

The Mozilla Project reports:

MFSA 2012-34 Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5)

MFSA 2012-36 Content Security Policy inline-script bypass

MFSA 2012-37 Information disclosure though Windows file shares and shortcut files

MFSA 2012-38 Use-after-free while replacing/inserting a node in a document

MFSA 2012-39 NSS parsing errors with zero length items

MFSA 2012-40 Buffer overflow and use-after-free issues found using Address Sanitizer

gt 11.0,1 lt 13.0,1

< 10.0.5,1

< 10.0.5,1

< 2.10

< 10.0.5

< 2.10

gt 11.0 lt 13.0

< 10.0.5

gt 1.9.2.* lt 10.0.5

The Mozilla Project reports:

MFSA 2015-96 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3)

MFSA 2015-97 Memory leak in mozTCPSocket to servers

MFSA 2015-98 Out of bounds read in QCMS library with ICC V4 profile attributes

MFSA 2015-99 Site attribute spoofing on Android by pasting URL with unknown scheme

MFSA 2015-100 Arbitrary file manipulation by local user through Mozilla updater

MFSA 2015-101 Buffer overflow in libvpx while parsing vp9 format video

MFSA 2015-102 Crash when using debugger with SavedStacks in JavaScript

MFSA 2015-103 URL spoofing in reader mode

MFSA 2015-104 Use-after-free with shared workers and IndexedDB

MFSA 2015-105 Buffer overflow while decoding WebM video

MFSA 2015-106 Use-after-free while manipulating HTML media content

MFSA 2015-107 Out-of-bounds read during 2D canvas display on Linux 16-bit color depth systems

MFSA 2015-108 Scripted proxies can access inner window

MFSA 2015-109 JavaScript immutable property enforcement can be bypassed

MFSA 2015-110 Dragging and dropping images exposes final URL after redirects

MFSA 2015-111 Errors in the handling of CORS preflight request headers

MFSA 2015-112 Vulnerabilities found through code inspection

MFSA 2015-113 Memory safety errors in libGLES in the ANGLE graphics library

MFSA 2015-114 Information disclosure via the High Resolution Time API

< 41.0,1

< 41.0,1

< 2.38

< 2.38

< 38.3.0,1

< 38.3.0

< 38.3.0

< 38.3.0

Mozilla Foundation reports:

CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList

CVE-2018-5128: Use-after-free manipulating editor selection ranges

CVE-2018-5129: Out-of-bounds write with malformed IPC messages

CVE-2018-5130: Mismatched RTP payload type can trigger memory corruption

CVE-2018-5131: Fetch API improperly returns cached copies of no-store/no-cache resources

CVE-2018-5132: WebExtension Find API can search privileged pages

CVE-2018-5133: Value of the app.support.baseURL preference is not properly sanitized

CVE-2018-5134: WebExtensions may use view-source: URLs to bypass content restrictions

CVE-2018-5135: WebExtension browserAction can inject scripts into unintended contexts

CVE-2018-5136: Same-origin policy violation with data: URL shared workers

CVE-2018-5137: Script content can access legacy extension non-contentaccessible resources

CVE-2018-5138: Android Custom Tab address spoofing through long domain names

CVE-2018-5140: Moz-icon images accessible to web content through moz-icon: protocol

CVE-2018-5141: DOS attack through notifications Push API

CVE-2018-5142: Media Capture and Streams API permissions display incorrect origin with data: and blob: URLs

CVE-2018-5143: Self-XSS pasting javascript: URL with embedded tab into addressbar

CVE-2018-5126: Memory safety bugs fixed in Firefox 59

CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7

< 59.0_1,1

< 56.0.4.36_3

< 2.49.3

< 52.7.0,1

< 52.7.0,2

< 52.7.0

The Mozilla Project reports:

MFSA 2014-48 Miscellaneous memory safety hazards (rv:30.0 / rv:24.6)

MFSA 2014-49 Use-after-free and out of bounds issues found using Address Sanitizer

MFSA 2014-51 Use-after-free in Event Listener Manager

MFSA 2014-52 Use-after-free with SMIL Animation Controller

MFSA 2014-53 Buffer overflow in Web Audio Speex resampler

MFSA 2014-54 Buffer overflow in Gamepad API

MFSA 2014-55 Out of bounds write in NSPR

< 30.0,1

< 24.6.0,1

< 2.26.1

< 30.0,1

< 2.26.1

< 24.6.0

< 4.10.6

< 24.6.0

The Mozilla Project reports:

MFSA 2012-91 Miscellaneous memory safety hazards (rv:17.0/ rv:10.0.11)

MFSA 2012-92 Buffer overflow while rendering GIF images

MFSA 2012-93 evalInSanbox location context incorrectly applied

MFSA 2012-94 Crash when combining SVG text on path with CSS

MFSA 2012-95 Javascript: URLs run in privileged context on New Tab page

MFSA 2012-96 Memory corruption in str_unescape

MFSA 2012-97 XMLHttpRequest inherits incorrect principal within sandbox

MFSA 2012-98 Firefox installer DLL hijacking

MFSA 2012-99 XrayWrappers exposes chrome-only properties when not in chrome compartment

MFSA 2012-100 Improper security filtering for cross-origin wrappers

MFSA 2012-101 Improper character decoding in HZ-GB-2312 charset

MFSA 2012-102 Script entered into Developer Toolbar runs with chrome privileges

MFSA 2012-103 Frames can shadow top.location

MFSA 2012-104 CSS and HTML injection through Style Inspector

MFSA 2012-105 Use-after-free and buffer overflow issues found

MFSA 2012-106 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer

gt 11.0,1 lt 17.0,1

< 10.0.11,1

< 10.0.11,1

< 2.14

< 10.0.11

< 2.14

gt 11.0 lt 17.0

< 10.0.11

gt 1.9.2.* lt 10.0.11

The Mozilla Project reports:

MFSA 2013-93 Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10)

MFSA 2013-94 Spoofing addressbar though SELECT element

MFSA 2013-95 Access violation with XSLT and uninitialized data

MFSA 2013-96 Improperly initialized memory and overflows in some JavaScript functions

MFSA 2013-97 Writing to cycle collected object during image decoding

MFSA 2013-98 Use-after-free when updating offline cache

MFSA 2013-99 Security bypass of PDF.js checks using iframes

MFSA 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing

MFSA 2013-101 Memory corruption in workers

MFSA 2013-102 Use-after-free in HTML document templates

< 24.1.0,1

< 25.0,1

< 2.22

< 24.1.0

< 2.22

< 24.1.0

Google Chrome Releases reports:

[583607] High CVE-2016-1624: Buffer overflow in Brotli. Credit to lukezli.

Mozilla Foundation reports:

Security researcher Luke Li reported a pointer underflow bug in the Brotli library's decompression that leads to a buffer overflow. This results in a potentially exploitable crash when triggered.

ge 0.3.0 lt 0.3.0_1

< 0.2.0_2

< 0.3.0_3

< 48.0.2564.109

< 45.0,1

< 2.42

< 38.7.0,1

< 38.7.0

Mozilla Foundation reports:

MFSA 2009-32 JavaScript chrome privilege escalation

MFSA 2009-31 XUL scripts bypass content-policy checks

MFSA 2009-30 Incorrect principal set for file: resources loaded via location bar

MFSA 2009-29 Arbitrary code execution using event listeners attached to an element whose owner document is null

MFSA 2009-28 Race condition while accessing the private data of a NPObject JS wrapper class object

MFSA 2009-27 SSL tampering via non-200 responses to proxy CONNECT requests

MFSA 2009-26 Arbitrary domain cookie access by local file: resources

MFSA 2009-25 URL spoofing with invalid unicode characters

MFSA 2009-24 Crashes with evidence of memory corruption (rv:1.9.0.11)

< 2.0.0.20_8,1

gt 3.*,1 lt 3.0.11,1

< 3.0.11

< 2.0.0.22

< 1.1.17

Mozilla Foundation reports:

CVE-2016-2827 - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy [low]

CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 [critical]

CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 [critical]

CVE-2016-5270 - Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString [high]

CVE-2016-5271 - Out-of-bounds read in PropertyProvider::GetSpacingInternal [low]

CVE-2016-5272 - Bad cast in nsImageGeometryMixin [high]

CVE-2016-5273 - crash in mozilla::a11y::HyperTextAccessible::GetChildOffset [high]

CVE-2016-5274 - use-after-free in nsFrameManager::CaptureFrameState [high]

CVE-2016-5275 - global-buffer-overflow in mozilla::gfx::FilterSupport::ComputeSourceNeededRegions [critical]

CVE-2016-5276 - Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList [high]

CVE-2016-5277 - Heap-use-after-free in nsRefreshDriver::Tick [high]

CVE-2016-5278 - Heap-buffer-overflow in nsBMPEncoder::AddImageFrame [critical]

CVE-2016-5279 - Full local path of files is available to web pages after drag and drop [moderate]

CVE-2016-5280 - Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap [high]

CVE-2016-5281 - use-after-free in DOMSVGLength [high]

CVE-2016-5282 - Don't allow content to request favicons from non-whitelisted schemes [moderate]

CVE-2016-5283 -